Health Care Cyber Security

Healthcare is an industry sector that has become unstable and crucial in this expanding digital landscape. This necessitates an organization's data security program to be properly structured, as there is no room for error, which could easily translate into a life-and-death situation. This article presents both fundamental technical and business issues that often elude the healthcare data security program. On the technical side, extensive proliferation of data and systems into the cloud, a continuous increase in connected medical devices, and a negative return on security investment are among the concerns.

Matters from a business perspective include adopting a security-by-compliance approach, lack of visibility and oversight, significant legal changes, the lack of an optimal CISO reporting structure, and uncoordinated incident response and cybersecurity processes.

This article then attempts to illustrate how these concerns might be addressed to further strengthen the cybersecurity program in an organization. Many healthcare institutions today are moving into the cloud in some form (electronic medical records, transcription services, etc.) for the obvious benefits. A health IT adoption expectations survey from 20171 provides data concerning healthcare organizations using cloud services. Electronic health records (27.6%), storage (25.2%), business intelligence and analytics (21.4%), and telemedicine (20.2%) services are leading the way. There are risks to be managed when migrating to the cloud. Moreover, there's data privacy that tags along with any change.

Eighty percent of business executives across the US recognize cybersecurity as a significant challenge, and a considerable number (six in 10) perceive cybersecurity risk as merely an "IT problem." Identifying the problem is always a significant first step, but then attributing the responsibility is crucial.

Did you like this example?

495

21